You are here

Election Security Resource Library

Below is a collection of the publications and materials developed to support state and local officials in their efforts to safeguard election systems.  Beyond these resources, CISA offers voluntary and free assistance to state and local election officials and authorities to support their infrastructure’s security.

Checklists and Guides

DHS Campaign Checklist

A one-page cybersecurity checklist to support political campaigns in protecting against malicious actors.

Election Security Resources Guide

A compilation of CISA contacts and resources available to support state and local election officials.

HTTPS

An overview of Hyper Text Transfer Protocol Secure (HTTPS), which is used to encrypt and securely transmit information between a user's web browser and the website they are connected to. Encryption is especially important on webpages that collect information through forms or require a user to login, such as online voter registration.

Incident Handling Overview for Election Officials

A summary of CISA’s cyber incident response team services for election officials as well as one page guidance on incident response planning considerations, a checklist for requesting assistance, the incident response process and common mistakes to avoid.

Ransomware Executive One Pager and Technical Document

An interagency guide that provides an aggregate of Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents. 

Securing Voter Registration Data

An overview of threats to voter registration websites and databases along with recommendations on how election officials and network administrators can protect and prevent the threats.

Leveraging the .gov

The .gov domain is a top-level domain (TLD) that was established to make it easy to identify US-based government organizations on the internet.  All three branches of the US Government, and all 50 states, and many local governments use .gov for their domains.

DMARC

Domain-Based Message Authentication, Reporting and Conformance (DMARC) is an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources.  DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender.  Further, DMARC provides the user with instructions for handling the email if it is fraudulent. 

Multi-Factor Authentication

Multi-factor authentication (MFA) is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user's identify for login.  MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.

Ransomware Guidance for Election Officials

This document includes best practices to protect your systems and data against ransomware, planning for a ransomware incident, recovering from a ransomware attack, and CISA services and support.

Infographics

U.S. Electoral Process Infographic

An infographic that outlines pre-election, election day, and post-election activities that rely on election infrastructure.

Ensuring and Securing Your Vote - National Audience

An infographic outlining best practices for voters, co-logoed by the U.S. Election Assistance Commission, the National Association of Secretaries of State, the National Association of State Election Directors, and the Department of Homeland Security.

Ensuring and Securing Your Vote - State & Local Audience

An infographic outlining best practices for voters that can be customized with a state or local website for additional information, co-logoed by the U.S. Election Assistance Commission, the National Association of Secretaries of State and the National Association of State Election Directors.

Foreign Interference Taxonomy

An infographic that explains malign actions taken by foreign governments or foreign actors for the purpose of undermining the interests of the U.S. and its allies.

Flyers

Before You Vote - National

A joint flyer produced by the U.S. Election Assistance Commission, the National Association of Secretaries of State, the National Association of State Election Directors, and the Department of Homeland Security to educate voters on actions they should take before Election Day.

Before You Vote - State and Local

A joint flyer produced by the U.S. Election Assistance Commission, the National Association of Secretaries of State, and the National Association of State Election Directors that can be customized with a state or local election information website to educate voters on actions they should take before Election Day.

Vote with Confidence

A joint flyer produced by the U.S. Election Assistance Commission, the National Association of Secretaries of State, the National Association of State Election Directors, and the Department of Homeland Security to help voters cast their ballots with confidence.

State & Local Official Results

A joint flyer produced by the U.S. Election Assistance Commission, the National Association of Secretaries of State, the National Association of State Election Directors, and the Department of Homeland Security to remind voters that only state and local election officials provide official results.

Reports

Election Infrastructure Security Funding Considerations

A report produced by the Election Infrastructure Subsector Government Coordinating Council to provide direction to the election community regarding possible consideration, both short and long term, for the use of 2018 Congressionally appropriated election funding, as well as to provide support for procurement decisions regarding use of the funding.

Best Practices for Continuity of Operations

A paper providing organizations recommended guidance and considerations as part of their network architecture, security baseline, continuous monitoring, and Incident Response practices in order to actively prepare for and respond to a disruptive event such as destructive malware.

 

 

Topics: 
Collections: 
Last Published Date: October 7, 2019
Back to Top